Description

A security vulnerability has been detected in specific versions of Apache Commons Text and reported as CVE2022-42889. For more information regarding this vulnerability, please refer to the following links:

https://nvd.nist.gov/vuln/detail/CVE-2022-42889

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889

Impact

The Veritas eDiscovery Platform is not impacted by CVE-2022-42889.  Apache Commons Text v1.9 is only used in Veritas Information Classifier, but it does not make use of StringSubstitutor () nor does the DropWizard framework use it. No action is required to mitigate this vulnerability.